Using the Maker edition at home I created a workout logging application tailored to my needs. I showed it to a few of my friends and they asked if they could use it as well, we figured it would be fun if we could track everyone’s activity, compete against each other, etc.
As someone who’s not very IT-knowledgeable, what sort of options would I have in making this accessible to a few other select people? Cursory searching tells me that opening up my home network is not advisable since I don’t know exactly what I’m doing.
The best option I came up with is to get a cloud-hosted server with a public IP, install ignition, get a domain name, and install SSL. I’m not overly-worried about security since there’s no personal information, just workout data, but I would still like it secure. Migrating the project to another gateway wouldn’t be an issue.
Are there any other good options? Or flaws with using a cloud-hosted server?
You should always be worried about this on the public internet, as any compromise to your server could be a stepping stone to compromising your user's computers.
Your plan is basically sound, as long as you learn enough about SSL to deploy it.
For something like this, buy a cheap domain name on Cloudflare then use cloudflared
to set up a tunnel that cloudflare will automatically set up SSL for you and you don't have to open a firewall port to make it work. It also works with CGNAT so if your home connection is something like Starlink it will still work.
When using cloudflared you'll use a subdomain off of your purchased domain, so something like workout.mydomain.com
3 Likes
Depends how many friends are wanting to use it, but you could also look into using tailscale VPN. You connect your ignition pc to the VPN, and then all your friends will need to install tailscale on their phones as well and you can add them to your account. It's really simple to set up and there's a free tier
Looking into this now, I bought a domain name and had a tunnel set up to my Ignition instance. Should I connect this to the http port on the gateway, or should I look at setting up SSL on the gateway and connecting to an https port?
You can point it to just the http service on 8088 as it gets encrypted across the tunnel. Super simple.
Easy peasy. Thanks for the info, and for saving me some monthly server rental costs.
1 Like